### #RemoteAccessRisks #PrivacyExposed #AnyDeskVulnerability
Summary: A critical vulnerability in AnyDesk’s remote desktop software could allow attackers to expose users’ IP addresses, raising significant privacy concerns. Identified by security researcher Ebrahim Shafiei, this flaw affects versions 8.1.0 and below, enabling exploitation without any changes on the victim’s system.
Threat Actor: Unknown | unknown
Victim: AnyDesk users | AnyDesk users
Key Point :
- The vulnerability (CVE-2024-52940) is found in the “Allow Direct Connections” feature on Windows systems.
- Attackers can retrieve a target’s public IP address using only their AnyDesk ID when the connection port is set to 7070.
- This exploitation requires no configuration changes on the victim’s system, making it particularly dangerous.
- Leaked IP addresses can lead to further attacks, including phishing campaigns and denial-of-service attacks.
- Proof-of-concept exploit code has been published on GitHub, highlighting the urgency for a patch from AnyDesk.
- Users are advised to disable the “Allow Direct Connections” feature until an official fix is released.
A newly discovered vulnerability in popular remote desktop software AnyDesk could allow attackers to uncover users’ IP addresses, posing significant privacy risks. Security researcher Ebrahim Shafiei identified the flaw (CVE-2024-52940) in AnyDesk’s “Allow Direct Connections” feature on Windows systems.
The vulnerability affects AnyDesk versions 8.1.0 and below. When “Allow Direct Connections” is enabled and the connection port is set to 7070 on the attacker’s system, it allows them to retrieve the public IP address of a target using only their AnyDesk ID. Worryingly, this requires no configuration changes on the victim’s system.
“This vulnerability in AnyDesk’s ‘Allow Direct Connections’ feature exposes sensitive IP information of the target,” Shafiei explains. “Attackers can exploit this flaw to retrieve the public IP address, and, in specific cases, the private IP address of the target system.”
The implications of this vulnerability are significant, especially in scenarios where remote access tools are not adequately protected. Leaked IP addresses can be used for further attacks, including targeted phishing campaigns, denial-of-service attacks, or even to pinpoint a user’s physical location.
Shafiei has published proof-of-concept exploit code for this vulnerability on Github, highlighting the urgency of the situation. He emphasizes the need for an update or patch from AnyDesk’s development team to fully address the issue.
Currently, no official fix is available from AnyDesk. Users are advised to exercise caution when using the “Allow Direct Connections” feature and consider disabling it until a patch is released.